9 Dec
2020
9 Dec
'20
10:20 a.m.
On 09.12.20 07:53, Robert Hentsch-Jesse wrote:
Unfortunately freeradius seems to ignore the settings from within /etc/ssl/openssl.cnf for its LDAPS connections. The tool is still negotiating the connection with servers, which provide only TLS 1.1.
What SSL library is your libldap using? I assumed OpenSSL but depending on the distribution it may be GnuTLS or NSS. You can als try to set TLS_CIPHER_SUITE OR TLS_PROTOCOL_MIN via /etc/ldap/ldap.conf. Please read ldap.conf(5) and the documentation of the used SSL library for valid values. Grüße, Sven.